2 Answers
2

Symmetric keys should be kept secret. Secret key is often used as a synonym for symmetric key.

The establishment of symmetric keys can be performed in several ways:

1. (Authenticated) Key Agreement (KA)
2. Sending of an (authenticated) encrypted key, also known as key wrapping
3. Derivation from a base key using a Key Derivation Function (KDF), using other data as input, for instance a unique number. If derivation is used for multiple devices it is often called key diversification.
4. Any kind of "out of band" procedure:
   - by a previous telephone call
   - sending a letter
   - meeting in a pub (handing over a USB stick or other data carrier)
5. Creating a key from key parts held by different persons

There may be other methods for establishing symmetric keys, but these are the most commonly used ones. The security of these schemes depends of course on the implementation.

As a subcase of 3, when making multiple devices identical except for a serial number, it is common to derive a device's key from a master key and the serial number using a KDF. In the field of Smart Cards, this is often called diversification. It ensures that if a card's secret gets extracted, others are not compromised; while making it easy to find a card's key for someone/something holding the master key.
– fgrieu, Sep 18 '13 at 16:21
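The key diversification described in item 3 and in the comment above, as an added example that is not part of the original answer or comment. HKDF-SHA256 (RFC 5869) is an assumed choice of KDF; the master key, serial numbers, the `diversify-v1` label and all function names are constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense the input key into a pseudorandom key."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch prk into `length` bytes bound to `info`."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("requested length out of range")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def field(value: str) -> bytes:
    """Length-prefix a field so distinct (purpose, serial) pairs cannot collide."""
    raw = value.encode("utf-8")
    if not 0 < len(raw) < 256:
        raise ValueError("field must be 1..255 bytes")
    return bytes([len(raw)]) + raw

def diversify(master_key: bytes, serial: str, purpose: str = "enc",
              length: int = 16) -> bytes:
    """Derive one device's key from the master key and its serial number."""
    if len(master_key) < 16:
        raise ValueError("master key too short")
    info = b"diversify-v1" + field(purpose) + field(serial)
    return hkdf_expand(hkdf_extract(b"", master_key), info, length)

# Constructed sample values, not taken from any real system.
MASTER_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
SERIALS = ["CARD-000001", "CARD-000002"]

def demo() -> dict:
    """Issuer side: compute each card's key; a card only ever stores its own."""
    return {s: diversify(MASTER_KEY, s).hex() for s in SERIALS}

if __name__ == "__main__":
    for serial, key in demo().items():
        print(serial, key)
```

The holder of the master key recomputes any card's key from its serial number on demand, while a key extracted from one card reveals nothing about the master key or the other cards' keys.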

The key must be kept secret or it is no longer an encryption system. The key must be shared at some point, when is not important, but how is, and how determines when.

You can send encrypted messages to someone, then hand them the key on a post-it note at a later point in time so they can decode it, or on a flash drive, or some other physical handoff or dead drop.

The most common method is to create a shared secret between the two parties by way of Diffie-Hellman key exchange, which is then hashed to create the encryption key. This type of exchange is susceptible to a man-in-the-middle attack, so some sort of scheme must be used to authenticate the exchange, such as signing each message of the exchange with a long-term private key to which the other party holds a public key to verify.

Another method is to include the key with the message, and use RSA-type encryption on the key, so that only the intended recipient can decode the key, and decode the message.

Handing over the key by post or any media is not secure; that is why the concept of public key cryptography comes into consideration.
– Aria, Sep 16 '13 at 5:42

2

Actually, handoffs are used even to this day, and may conceal the fact that a key has been exchanged at all, because an attacker does not see a key exchange over a tapped link. Mailing a key, on the other hand, is very insecure, as a letter can be opened or X-rayed, discs can be cloned, etc.
– Richie Frame, Sep 16 '13 at 5:47